I think my question is much easier to understand looking at the draw below. The idea is that for some reasons (such like accessing the intranet of my company, or getting access to some web pages that only my company has access to) I want to browse the Internet using the IP of my company, but from home. The problem is that to get access to my PC "inside" I have to go through a gate.

One solution could be of course to login into gate, and from there to my PC, with ssh -X. Once inside I can open a Firefox window that will pop up in my PC at home. The problem of this approach is that it is very slow because I have to send the whole GUI through the network, instead of just the Internet packages.

A better idea to overcome this problem would be to use ssh -D8080 ip.remote.company to create a tunnel, and then setup Firefox in my PC at home to use the remote computer as proxy, sending the internet packages (but not the GUI) through this secure channel, such as explained in many web pages.

The problem, of course, is that I have to go through the gate, which adds a level of complexity, so I have to setup (I think) two tunnels instead of just one, those drawn in red in the figure.

How can I setup a port forwarding (or something similar) to tunnel my connection to Internet through the network of my company, as illustrated in the figure, from outside? Of course I have access and accounts in the three computers.

I would recommend using autossh to keep the connections up... that is probably another problem...

Explanation:
From localhost, forward port 7777 to gate's port 7778. Assign a terminal, to allow you to answer ssh prompts. On gate, run the quoted ssh commend to run dynamic forwarding on gate's port 7778. (which is forwarded to the initial PC's 7777)

This will create a tunnel of a plain TCP connection port 22 to your pc through the gate and start an SSH connection as if you are on the gate. Use

$ ssh mypcinside

to connect.

One of the requirements is that the gate has nc installed (or replace with another netcat-like tool) and it allows you to start plain TCP port 22 connections without using the SSH client. In a standard configuration this is perfectly possible, but some enforced security might be in place to prevent this.